crypt

package module

v0.0.47 Latest Latest Go to latest Published: Mar 27, 2023 License: MIT Imports: 9 Imported by: 9

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/estafette/estafette-ci-crypt

Links

Open Source Insights

README ¶

Estafette CI

The estafette-ci-crypt library is part of the Estafette CI system documented at https://estafette.io.

Please file any issues related to Estafette CI at https://github.com/estafette/estafette-ci-central/issues

Estafette-ci-crypt

This library provides encrypt / decrypt functionality for Estafette CI secrets; it uses AES-256 encryption.

Development

To start development run

git clone git@github.com:estafette/estafette-ci-crypt.git
cd estafette-ci-crypt

Before committing your changes run

go test
go mod tidy

Documentation ¶

Index ¶

Constants
Variables
type SecretHelper
- func NewSecretHelper(key string, base64encodedKey bool) SecretHelper

Constants ¶

View Source

const DefaultPipelineAllowList = ".*"

DefaultPipelineAllowList is the regular expression that allows any pipeline to decrypt a secret

View Source

const SecretEnvelopeRegex = `estafette\.secret\(([a-zA-Z0-9.=_-]+)\)`

SecretEnvelopeRegex is the regular expression to match an estafette secret envelope

Variables ¶

View Source

var (
	// ErrRestrictedSecret is thrown if a restricted secret for another pipeline is encountered
	ErrRestrictedSecret = errors.New("This secret is restricted to another pipeline")
)

Functions ¶

This section is empty.

Types ¶

type SecretHelper ¶

type SecretHelper interface {
	Encrypt(unencryptedText, pipelineAllowList string) (encryptedTextPlusNonce string, err error)
	Decrypt(encryptedTextPlusNonce, pipeline string) (decryptedText, pipelineAllowList string, err error)
	EncryptEnvelope(unencryptedText, pipelineAllowList string) (encryptedTextInEnvelope string, err error)
	DecryptEnvelope(encryptedTextInEnvelope, pipeline string) (decryptedText, pipelineAllowList string, err error)
	DecryptAllEnvelopes(encryptedTextWithEnvelopes, pipeline string) (decryptedText string, err error)
	ReencryptAllEnvelopes(encryptedTextWithEnvelopes, pipeline string, base64encodedKey bool) (reencryptedText string, key string, err error)
	GenerateKey(numberOfBytes int, base64encodedKey bool) (key string, err error)
	GetAllSecretEnvelopes(input string) (envelopes []string, err error)
	GetAllSecrets(input string) (secrets []string, err error)
	GetAllSecretValues(input, pipeline string) (values []string, err error)
	GetInvalidRestrictedSecrets(input, pipeline string) (invalidSecrets []string, err error)
}

SecretHelper is the interface for encrypting and decrypting secrets

func NewSecretHelper ¶

func NewSecretHelper(key string, base64encodedKey bool) SecretHelper

NewSecretHelper returns a new SecretHelper

Source Files ¶

View all Source files

secretHelper.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL